About Secure Quantum
Secure Quantum is an Applied Quantum company on a mission to prepare organizations for the security challenges of the quantum era. We focus on post-quantum cryptography, quantum threat intelligence, and strategic quantum security consulting. By combining expertise in cybersecurity, IT systems, and quantum science, we help clients in sectors like banking, healthcare, telecom, and critical infrastructure identify their vulnerabilities and implement quantum-safe solutions. Our approach is proactive and research-driven, ensuring that our clients can transition to new cryptographic standards and technologies before threats materialize.
Job Summary
We are seeking a meticulous Cryptographic Inventory Analyst to help clients map and manage their cryptographic assets in preparation for post-quantum upgrades. In this role, you will conduct in-depth audits of applications and systems to catalog all cryptographic algorithms, protocols, and keys in use – essentially building a “cryptographic bill of materials” for organizations. By analyzing this inventory, you will determine which components are most at risk from quantum attacks and help prioritize remediation efforts. Your work will directly inform and drive our clients’ post-quantum transition plans, making you a key player in their journey to crypto-agility.
Key Responsibilities
- Cryptographic Audit: Perform comprehensive discovery of cryptographic components across client systems and software. Identify all instances of encryption and digital signatures (e.g., SSL/TLS configurations, use of RSA/ECC in applications, stored encrypted data, PKI certificates, etc.). Compile a detailed inventory of algorithms, key lengths, cryptographic libraries, and hardware (HSMs, TPMs) in use.
- Risk Evaluation: For each identified cryptographic item, evaluate its susceptibility to quantum attacks. Determine, for example, which RSA or ECC keys fall below safe length thresholds, or which algorithms (like SHA-1, 3DES) are outdated or particularly vulnerable. Assign risk levels or time horizons for quantum vulnerability where applicable, leveraging the latest research and guidance.
- Tool Utilization: Use and develop tools or scripts to automate parts of the discovery process. This may include static code analysis tools to find cryptographic API calls in codebases, network scanning tools to detect TLS versions/cipher suites, or custom scripts to parse configurations for crypto settings.
- Data Management: Maintain organized records of cryptographic assets in a secure database or repository. Ensure that inventory data is kept up-to-date through the course of the project and that any changes (additions of systems, decommissioning of components, etc.) are recorded.
- Reporting & Documentation: Prepare clear and concise reports that summarize the cryptographic inventory and highlight critical findings. Provide visualizations or tables that make it easy for stakeholders to see where vulnerabilities lie (e.g., a list of systems using RSA-2048 that need upgrading). Accompany findings with recommended actions and prioritization (which crypto elements should be addressed first).
- Collaboration: Work closely with the broader Secure Quantum team – including security consultants and cryptographers – to align the inventory findings with next steps. For example, collaborate in suggesting appropriate post-quantum replacements for vulnerable algorithms and in planning the sequence of upgrades or patching.
- Compliance Support: Ensure that the inventory process and documentation meet any relevant compliance or regulatory requirements. Some industries or governments may require an accounting of cryptographic assets and plans for PQC transition; assist clients in satisfying these obligations by providing necessary data and reports.
Qualifications
- Technical Knowledge: Solid understanding of cryptographic algorithms and their uses in enterprise environments. Familiarity with how and where cryptography is implemented (web servers, applications, databases, certificates, VPNs, etc.). Ability to read and comprehend code or configuration files to identify crypto usage (experience with languages like Java, C/C++, Python or JavaScript can be useful for this).
- Attention to Detail: Exceptional attention to detail and accuracy in analysis. This role requires diligent tracking of many small components without losing sight of the overall security picture.
- Experience: Previous experience in a cybersecurity, IT audit, or software development role that involved cryptography is highly beneficial. For example, experience performing security audits, PKI administration, or software security reviews will be an asset.
- Analytical Skills: Capability to assess the strength of various cryptographic implementations and understand the implications of their use. Basic knowledge of how quantum computing impacts specific algorithms (e.g., Shor’s algorithm effect on RSA/ECC, Grover’s algorithm effect on symmetric ciphers) is a plus.
- Tool Skills: Experience using code scanning tools, security assessment tools, or writing scripts for automation (using Python, Bash, PowerShell, etc.) to aid in data collection and analysis.
- Communication: Ability to document findings clearly and explain technical details to others. You should be able to create organized spreadsheets, diagrams, and written summaries. Working well with client personnel to obtain information (interviewing system owners or developers about cryptographic usage) is also important.
- Education: Bachelor’s degree in Computer Science, Information Security, Engineering, or related field, or equivalent work experience. Relevant certifications (like CompTIA Security+, Certified Ethical Hacker, or SANS GIAC certificates related to security auditing) are a plus.
What We Offer
- Impactful Work: The opportunity to play a crucial role in our clients’ security strategy by identifying hidden vulnerabilities and shaping their road to quantum safety.
- Expert Team: Collaboration with leading cryptographers and security consultants, providing a rich environment for learning and professional growth.
- Competitive Compensation: A competitive salary and benefits package that values your specialized skill set.
- Flexible Environment: Flexible working hours and remote work options, trusting you to deliver results in the environment where you work best.
- Career Development: Support for professional development, including training in post-quantum cryptography and chances to attend industry conferences or obtain relevant certifications.
How to Apply
If you are thorough, analytical, and excited about diving deep into cryptographic details to help organizations prepare for the future, we invite you to apply. Please send us your resume and a cover letter describing your experience with cryptography or security audits, and why you are interested in this position.
Join Secure Quantum and help map out the cryptographic landscape for our clients, paving the way for a secure transition to the quantum era.
